=========================================================================
Date: Wed, 19 Jan 1994 22:16:00 CST
Reply-To: TK0JUT2@MVS.CSO.NIU.EDU
Sender: CU-DIGEST list
From: TK0JUT2%NIU.bitnet@vm42.cso.uiuc.edu
Subject: Cu Digest, #6.08
CONTENTS, #6.08 (Jan 19 1994)
File: 4--"Terminal Compromise" by W. Schwartau (Book Review)
----------------------------------------------------------------------
Date: 16 Jan 1994 00:47:44 -0600
From: ROBERTS%DECUS@MIMAS.ARC.AB.CA(Rob Slade, Ed. DECrypt & ComNet,
Subject: File 4--"Terminal Compromise" by W. Schwartau (Book Review)
Terminal Compromise (by Wynn Scwhartau)
PUBLISHER:
Inter.Pact Press
11511 Pine St. N.
Seminole, FL 34642
813-393-6600
fax: 813-393-6361
"Terminal Compromise", Schwartau, 1991, 0-962087000-5, U$19.95/C$24.95
wschwartau@mcimail.com p00506@psi.com
"Terminal Compromise" was first published in 1991, and was
enthusiastically promoted by some among the security community as the
first fictional work to deal realistically with many aspects of data
communications and security. Although still available in that form,
recently is has been "re-issued" in a softcopy "shareware" version on
the net. (It is available for ftp at such sites as ftp.uu.net,
ftp.netsys.com, soda.berkeley.edu and wuarchive.wustl.edu. Use archie
to look for TERMCOMP.) Some new material has been added, and some of
the original sections updated. Again, it has been lauded in postings
on security related newsgroups and distribution lists.
Some of you may be old enough to recall that the characters current in
"Outland" sprang from a previous Berke Breathed cartoon strip called
"Bloom County". Opus, at one point, held the post of movie reviewer
for the "Bloom County Picayune". I remember that one of his reviews
started out, "This movie is bad, really bad, abominably bad, bad, bad,
bad!" He considers this for a moment, and then adds, "Well, maybe not
*that* bad, but Lord! it wasn't good!"
A fairly large audience will probably enjoy it, if such trivialities
as language, characterization and plot can be ignored. For once the
"nerds" don't get beat on; indeed, they are the heroes (maybe). The
use of computers is much more realistic than in most such works, and
many ideas that should have greater currency are presented. The book
will also appeal to paranoiacs, especially those who believe the US
federal government is out to get them.
Consistency is the hobgoblin of little minds -- but it does make for a
smoother "read". "Terminal Compromise" would benefit from a run
through a style checker ... and a grammar checker ... and a spelling
checker. Constructions such as "which was to be the hypocenter of the
blast if the Enola Gay hadn't missed its target" and "National Bureau
of Standards which sets standards" are understandable, although
awkward. In other places it appears words might be missing, and you
have to read over sentences several times to puzzle out the meaning.
(The softcopy/shareware version comes off a little worse here, with
fragments of formatting codes left in the text.)
On second thought, forget the spelling checker. Most of the words are
spelled correctly: they are simply *used* incorrectly. A reference to
an "itinerant professional" has nothing to do with travelling. (Maybe
he meant "consummate": I couldn't think of a synonym starting with
"i".) The "heroine" trade was probably intended to refer to white
powder rather than white slavery. There are two automobile "wreak"s.
"Umbrage" is used twice. An obscure seventeenth century usage did
once refer to shelter given by islands to a harbour, but it's
stretching the language a bit to make it refer to a covering for the
naughty bits. Umbrage usually refers to offence, suspicion, doubt or
rage, as in "I take umbrage at what I suspect is a doubtful use of the
language".
Characterization? There isn't any. The major characters are all
supposed to be in their forties: they all, including the President of
the United States, speak like unimaginative teenage boys whose
vocabulary contains no adjectives other than obscenities. This makes
it difficult at times to follow the dialogue, since there are no
distinctives between speakers. (The one exception is the president of
a software firm who makes a successful, although surprising,
translation from "beard" to "suit", and is in the midst of the most
moving and forceful speech in the book, dealing with our relationship
to computers, when the author has him assassinated.)
The book is particularly hard on women. There are no significant
female characters. None. In the initial introduction and background
of the hero there is no mention of a significant other. It is
something of a shock later to discover he is married, then that he is
divorced. Almost all of the females are simply bedroom furniture.
The portrayals remind one of the descriptions in "Don Quixote" of
women "so gay, striking and beautiful that the sight of her impressed
them all; so vividly that, if they had not already seen [the others],
they would have doubted whether she had her match for beauty".
Which raises another point. All of the hackers, except some of the
Amsterdam crew, are fit, athletic and extremely attractive to the
female of the species. Even among the I-Hack crowd, while there may
be some certifiable lunatics, nobody is unkempt or unclean. These
urbane sophisticates drink "Glen Fetitch" and "Chevas" while lounging
in "Louis Boston" suits on "elegant ... PVC furniture". Given that
the hackers save the day (and ignoring, for the moment, that they
caused the trouble in the first place) there seems to be more than a
touch of wish fulfillment involved.
(Schwartau tries to reiterate the "hackers aren't evil" point at every
opportunity. However, he throws away opportunities to make any
distinctions between different types of activities. Although the
different terms of phreaks, hackers and crackers are sprinkled
throughout the story they are not well defined as used by the online
community. At one point the statement is made that "cracking is
taking the machine to its limit". There is no indication of the
divisions between phreaks, hackers and crackers within their various
specialties, nor the utter disdain that all three have for virus
writers. Cliff Stoll's "Hanover (sic) Hacker", Markus Hess, is
described as a "well positioned and seemingly upstanding individual".
This doesn't jibe with Stoll's own description of a "round faced,
slightly overweight ... balding ... chain smoking" individual who was
"never a central figure" with the Chaos Computer Club, and who, with a
drug addict and a fast buck artist for partners "knew that he'd
screwed up and was squirming to escape".)
What little character is built during the story is unsteady. The
author seems unable to decide whether the chief computer genius is one
of the good guys or the bad. At times he is mercenary and
self-centred; at others he is poetic, eloquent and visionary; in yet
other scenes he is mentally unbalanced. (He also appropriates the
persona and handle of another hacker. We are never told why, nor are
we ever informed of what happened to the original.) Following the
characters isn't made any easier by the inconsistency of naming: in
the space of five paragraphs we find that our hero, Scott Byron Mason
(maybe) is the son of Marie Elizabeth Mason and Louis Horace Mason.
Or possibly Evelyn Mason and Horace Stipton Mason. The main academic
studying viral programs is Dr. Les (or Arnold) Brown (or Sternman) who
is a professor at Sheffield (or MIT). (Interestingly, there is an
obvious attempt to correct this in the later "softcopy" version of the
book. At times the "corrections" make the problem worse.)
For a "thriller", there is very little tension in the story. The
unveiling of the plot takes place on a regular step by step basis.
There is never any hint that the hero is in the slightest personal
danger: the worst that happens is that one of his stories is quashed.
Indeed, at the end of the book the computer attacks seem basically all
to have succeeded, credit card companies are bankrupt, banks are in a
mess, airlines are restricted, phone systems are unreliable and the
bad guys are in charge. Yet our heroes end up rich and happy on an
island in the sun. The author seems to be constantly sounding the
alarm over the possibility of this disaster, but is unwilling,
himself, to face the tremendous personal suffering that would be
generated.
Leaving literary values aside, let us examine the technical contents.
The data security literate will find here a lot of accurate
information. Much of the material is based on undisputed fact; much
of the rest brings to light some important controversies. We are
presented with a thinly disguised "Windows", a thinly disguised Fred
Cohen (maybe two?), a severely twisted Electronic Freedom Foundation
and a heavily mutated John Markoff. However, we are also presented
with a great deal of speculation, fabrication and technical
improbabilities. For the technically adept this would be
automatically disregarded. For the masses, however (and this book
seems to see itself in an educational light), dividing the wheat from
the chaff would be difficult if not impossible.
As with names, the author appears to have problems with the
consistency of numbers. In the same paragraph, the softcopy version
has the same number quoted as "over 5000", "almost 5000" and "three
thousand". (It appears to have been "corrected" or updated from the
original version without reading the context). A calculation of the
number of hackers seems to be based upon numbers pulled out of the
air, and a computer population an order of magnitude larger than
really exists. The "network", seemingly referring to the Internet,
has a population two orders of magnitude too large. Four million
legal copies, with an equal number of pirate copies, of a virus
infected program apparently result in only "between 1 and 5 million"
infections. (I *knew* a lot of people had bought Windows but never
used it!) Not the most prolific virus we've ever seen.
Schwartau seems uncertain as to whether he wants to advertise real
software or hide it. At various times the characters, incessantly
typing to each other across the (long distance) phone lines use
"xtalk" (the actual filename for Crosstalk), "ProCom" (ProComm,
perhaps?), "ComPro" and "Protalk". They also make "4800 BAUD"
connections (technically unlikely over voice grade lines, and even if
he meant "bits per second" 4800 is rather an odd speed) and
communicate with "7 bits, no parity, no stop bits" parameter settings.
(The more common parameter settings are either 8 bits, no parity or 7
bits, even parity. You *must* have stop bits, usually one. And to
forestall the obvious criticism, there is no indication in the book
that a "non-standard" setting is being used for security reasons.)
We are, at places in the text, given detailed descriptions of the
operations of some of the purported viral programs. One hides in
"Video RAM". Rather a stupid place to hide since any extensive video
activity will overwrite it. (As I recall, the Proto-T hoax, which was
supposed to use this same mechanism, started in 1991. Hmmm.) Another
would erase the disk the first time the computer was turned on, which
leads one to wonder how it was supposed to reproduce. (This same
program was supposed to be able to burn out the printer port
circuitry. Although certain very specific pieces of hardware may fail
under certain software instructions, no printer port has ever been
numbered among them.) One "hidden file" is supposed to hide itself by
looking like a "bad cluster" to the system. "Hidden" is an attribute
in MS-DOS, and assignable to any file. A "bad cluster" would not be
assigned a file name and therefore would never, by itself, be executed
by any computer system. We also have a report of MS-DOS viri wiping
out a whole town full of Apple computers.
Schwartau is not averse to making up his own virus terminology, if
necessary. ("Stealth" is also reported as a specific virus.) At one
point the book acknowledges that viral programs are almost invariably
detected within weeks of release, yet the plot relies upon thousands
of viri remaining undetected for years. At another point the use of
"radio broadcasts" of viral programs to enemy systems is advocated,
ignoring the fact that the simplest error checking for cleaning
"noise" from digital radio transmissions would eliminate such
activity.
A number of respected security experts have expressed approval of
"Terminal Compromise". This approbation is likely given on the basis
that this book is so much better than other fictional works whose
authors have obviously had no technical background. As such the
enthusiasm is merited: "Terminal Compromise" raises many important
points and issues which are currently lost on the general public.
Unfortunately, the problems of the book, as a book, and the technical
excesses will likely restrict its circulation and impact. As a
fictional work the lack of literary values are going to restrict both
its appeal and longevity. As an exhortative or tutorial work, the
inability to distinguish between fact and fiction will reduce its
value and effectiveness in promoting the cause of data security.